Summary Under the proposed Cloud and AI Development Act (CADA), "frontier AI priority project" status and listing in the CADA central repository (often mistaken for a marketplace) are two entirely distinct mechanisms with different legal bases, purposes, and beneficiaries. Frontier AI priority project status, defined in Article 8, is a designation for pioneering research and innovation projects that unlocks preferential access to European high-performance computing (HPC) resources. In contrast, the central repository established under Articles 22 and 23 is a transparency tool that lists cloud computing services recognized as meeting specific "Union assurance levels" for sovereignty and security. One is an R&D funding and compute-access mechanism; the other is a procurement and trust framework for commercial services. Confusing the two could lead to strategic errors in compliance or resource allocation.
Detail
The confusion between these two concepts often arises because both involve the European Commission and aim to strengthen Europe's AI ecosystem. However, they operate in completely different chapters of the proposed regulation, serve different stakeholders, and address different policy failures.
Frontier AI Priority Project Status (Article 8)
Article 8 of the CADA proposal establishes the criteria for recognizing a project as a "frontier AI priority project." This status is not a commercial listing, nor is it a certification for a cloud service provider to sell to the public. Instead, it is a mechanism to support the development of cutting-edge AI technologies that are critical for the Union's strategic autonomy and technological leadership.
To qualify, a project must be selected through an open call for expressions of interest and must support "grand challenge 3" set out in Annex I of the regulation, which focuses on developing the next generation of multimodal frontier AI models and systems. According to Article 8, three cumulative criteria must be met:
- Pioneering Nature: The project must be focused on supporting and scaling up frontier AI technologies.
- Entity Structure: It must be undertaken by a European digital infrastructure consortium (EDIC) established pursuant to Decision (EU) 2022/2481, or another legal entity eligible for funding under Union law. Crucially, it must involve the participation of at least three Member States.
- Resource Pooling: The participating Member States must pool computing time and other relevant resources to support the implementation of the designated project.
The primary benefit of this status, as detailed in Article 9, is access to computing resources. The Union and Member States must ensure that sufficient AI computing resources are allocated to support these projects. Specifically, Article 9(2) states that "The Union shall at least match the AI computing resources contributed by Member States to frontier AI priority projects to the extent that sufficient AI computing capacity is available within the Union's share of European high performance computing access time." This mechanism is designed to de-risk large-scale, capital-intensive AI development by guaranteeing access to the massive computational power required for training frontier models. It is an input mechanism for R&D, not an output certification for market sales.
The Central Repository and Union Assurance Levels (Articles 22 and 23)
The "CADA marketplace" is a misnomer for the central repository established under Article 22. This repository is not a commercial platform for buying and selling cloud services, nor is it a listing for R&D projects. It is a regulatory transparency tool that lists cloud computing services that have been formally recognized as offering specific "Union assurance levels" (1, 2, 3, or 4).
The process leading to a listing in this repository is governed by the cloud computing sovereignty framework in Title IV of the regulation:
- Assessment and Recognition: Cloud computing service providers must undergo conformity self-assessments (for Level 1) or independent third-party audits (for Levels 2–4) to demonstrate compliance with the criteria in Annex II. These criteria cover data localization, personnel citizenship, cybersecurity certification, and absence of third-country control.
- National Competent Authorities: Once a provider submits the required evidence (such as a positive audit opinion), the national competent authority of establishment assesses the application. If successful, the service is recognized across the Union.
- Registration: Article 22(2) mandates that the national competent authority register the recognized cloud computing service in the central repository maintained by the Commission.
- Transparency Obligations: Article 23 requires providers to notify the auditing organization and the competent authority of any material changes that might affect their recognition. If an audit opinion is revoked or recognition is withdrawn, this must also be published in the central repository.
The purpose of this repository is to enable public sector bodies and contracting authorities to identify which cloud services meet the necessary sovereignty and security standards for their specific use cases. Article 30 requires that public sector bodies procure only from services listed in this repository that meet the assurance level determined by their risk assessment (e.g., Level 1 for non-critical activities, Levels 2–4 for activities contributing to public order). It is an output mechanism for market access and procurement compliance.
Key Differences
| Feature | Frontier AI Priority Project (Art. 8) | Central Repository Listing (Art. 22) |
|---|---|---|
| Primary Purpose | Support R&D and innovation in frontier AI models. | Ensure sovereignty, security, and trust in cloud services for procurement. |
| Target Entity | Research consortia (EDICs) and multi-national projects. | Commercial cloud computing service providers. |
| Key Benefit | Access to pooled EuroHPC computing resources (matched by the Union). | Eligibility for public sector procurement contracts (mandatory for public order). |
| Mechanism | Selection via open calls; matching of compute resources. | Audit/self-assessment; recognition by national authorities; registration. |
| Regulatory Chapter | Title II (Research, Development and Deployment). | Title IV (Autonomy and Adoption). |
| Legal Basis | Article 8 (Criteria) + Article 9 (Compute Support). | Article 22 (Repository) + Article 30 (Procurement Obligation). |
What this means for you
For cloud service providers, data centre operators, and research entities, it is critical to distinguish between these two pathways to align your compliance and business strategies correctly.
If you are a cloud provider aiming for public sector contracts: You need to focus on the sovereignty framework in Title IV. You must undergo the audit or self-assessment process to achieve a Union assurance level. Your goal is to get your service recognized and listed in the central repository under Article 22. Without this listing, you cannot legally supply cloud services to public sector bodies that have identified their activities as contributing to public order (requiring Levels 2–4) or even general public sector use (requiring Level 1). Ensure you have the necessary technical and organizational measures in place to meet the criteria in Annex II, particularly regarding data localization, personnel citizenship, and supply chain transparency. Article 8 is irrelevant to this process.
If you are a research entity or consortium developing frontier AI models: You should focus on Article 8 and Article 9. You are not trying to get listed in the sovereignty repository. Instead, you are looking to qualify as a frontier AI priority project to secure access to scarce HPC resources. Ensure your project structure involves multiple Member States and fits the definition of a pioneering project in frontier AI. The benefit here is not market access, but computational access, which is often the primary bottleneck for frontier AI development. Your project does not need to be a "sovereign cloud service" to qualify, though using sovereign infrastructure may be strategically prudent.
For data centre operators: Your role may intersect with both. You may host the infrastructure for frontier AI priority projects, benefiting from the increased demand for compute. Simultaneously, if you offer cloud services, you must ensure your data centres meet the sustainability and sovereignty criteria to help your clients achieve Union assurance levels. The designation of "data centre strategic projects" under Article 14 is a separate mechanism for data centre deployment support, distinct from both frontier AI status and cloud service recognition.
Common misconceptions
Misconception 1: The central repository is a commercial marketplace. Many providers assume that being listed in the Article 22 repository means they are "on the market" in a commercial sense, similar to an app store. This is incorrect. It is a regulatory register. It does not facilitate transactions, pricing, or customer reviews. Its sole function is to provide public authorities with a verified list of compliant services to ensure they do not breach procurement rules under Article 30.
Misconception 2: Frontier AI status certifies a cloud service's security. Some assume that being recognized as a frontier AI priority project implies that the underlying infrastructure or the resulting AI system is "sovereign" or "secure" under the CADA sovereignty framework. This is false. Article 8 is about technological capability and strategic importance for R&D. It does not confer any Union assurance level. A frontier AI project could theoretically run on non-sovereign infrastructure if the consortium chooses, though this would be strategically inadvisable. The two frameworks are parallel, not hierarchical.
Misconception 3: You can choose one or the other. Entities often think they must choose between being a "frontier AI player" or a "sovereign cloud provider." In reality, a large provider might engage in both. They might operate a cloud service that seeks Union assurance level 3 recognition for public sector sales (Article 22) while simultaneously participating in a European digital infrastructure consortium that applies for frontier AI priority project status to train their next-generation models (Article 8). These are complementary strategies for different aspects of the business.
Official sources
Related
- Why would a company want frontier AI priority project status under CADA?
- What does 'pioneering project' mean for frontier AI priority project status?
- Is frontier AI priority project status a grant, a label, or compute access?
- Is frontier AI priority project status a binding legal designation under CADA?
- Can frontier AI priority project status help with AI Act compliance?
This is general information about a draft EU regulation, not legal advice.